If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

It would be nice if i could take a screen shot of it to show you, but i have written down the message and will try to relay it as best i can. The zone alarm message looks like this;

ZONE ALARM ALERT

do you want to allow a clear text password to be sent to 68.114.88.31 ?

TECHNICAL INFORMATION

Destination IP 68.114.88.31
Application Imesh.exe
Version 2.2.0.121

MORE INFORMATION AVAILABLE

imesh client for PC platforms is trying to send "ebay password" to 68.114.88.31

the color of the text ZONE ALARM ALERT is in purple background. I am running Norton antivirus with autoprotect on. I updated last just yesterday. I have Spybot 1.2 and Ad-Aware and both of those are updated and just ran. I have not done a full system scan with norton though. I did notice something wierd the other day while imesh was running i noticed that my norton shut itself off and that worried me so i immediately rebooted. I may have gotten a virus then through one of the spyware programs i just removed with ad-aware. i just installled that this morning too and found 52 things. I will run a full scan while waiting for a reply from the rest of you. Thanks.

Not sure why imesh is requesting your ebay password... but zone alarm has built in protection for this.

In response to the rapidly growing number of incidents of online identity theft, "phishing," and other e-fraud exploits, Zone Labs has formed a Security Alliance Partner Program. The goal of the Security Alliance Partner Program is to combat electronic fraud and identity thieves through vendor cooperation in developing and distributing solutions that will protect the sensitive personal information required for online transactions.
Through collaboration with leading internet retailers such as eBay, Amazon, and others, Zone Labs has developed a set of e-fraud protection features designed to reduce consumers' vulnerability to ecommerce fraud and identity theft. The combination of Zone Lab's myVault Lock box protection for sensitive personal information combined with fraud prevention features such as vendor-specific IP verification ensures that users are alerted when sensitive information is being sent to unauthorized destinations.

If I were you, I'd do a packet sniff with something like ethereal to find out exactly what is trying to be sent.

I couldn't find any info on imesh trying to send ebay passwords... just that zone alarm "protects it"... To me, it sounds like zone alarm is doing its job, and denying access.

I'd still be a little concerned about using imesh though... seeing that it allows other users to request passwords for ebay accounts? That doesn't make sense to me... though, there are a lot of things that don't make sense to me....

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

what do i do with it (ethereal)? I mean is this supposed to reveal what is sending the pass or what. i dont understand how i use this to stop it from happening? That and i dont know how to use it in the first place. Where could my ebay password be stored? ill delete it. MY main objective is to kill the source of this and i dont care about my account i have already emailed them with a request to delete my files. Also whenever i send an email i get the same zone alert. it always sends to a different IP. So its not just imesh. Also the norton scan has revealed nothing.

It does a text search in all outgoing packets, as well as incoming. In the zone alarm settings you can also tell it Which sites are okay to use that information, which sites banned, and whether to notify your or block by default. So that options as to what site it hits on and what sites are allowed is 100% up to you. In the case of the ebay password, zonealarm knows by default to check the URL and an SSL connection because of the configuration they included into it, so it knows what is ebay and what isn't already Even then, you can fine tune and configure that.

I use Zonealarm Pro and I have never had it ask for or makeuse of any password on my system (of course I don't use autocomplete passwords either??).
Aeridyne, from what you posted :

ZONE ALARM ALERT

do you want to allow a clear text password to be sent to 68.114.88.31 ?

TECHNICAL INFORMATION

Destination IP 68.114.88.31
Application Imesh.exe
Version 2.2.0.121

You Imesh. exe is the culprit. If you are not deeply in love with this program, I would suggest uninstalling it (delete that sucker). I don't trust most P2P transfer programs anyway, and this one seems intent of divulging your password in clear text. Your zonealarm is doing its job and alerting you to a possible problem, and that is very good. If you wished to not be bothered by the constant popup alerts you can check the box to always follow the same intruction (either allow or disallow) and thn it will just do such automatically and not alert you everytime. You can later change this rule in your options at a later time if you wish.

\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown

well i would have just checked the box and forgot about it...but the option is grayed and not available. On top of that it is always sending it to a different IP. So even if i could wouldnt it just ask again because its a diff ip that its sending to? also keep in mind that my email does the same thing anytime i send an email, even when imesh is not running. I cant remember exactly what it says, but its essentially the same thing. And unfortunately i am in love with imesh. I dont know if deleting it would work anyway since my email does it too...?? Plz help.

pooh sun tzu, As long as your being technical, a packet sniffer is a piece of software that captures and dumps the content of packets like ethereal packetmon etc. A firewall is not a packet sniffer. It may use packet filtering but is not itself a packet sniffer. Packet filtering can be incorporated into packetsniffers to check for packets going to or coming from certain address or packets that contain certain strings, flags etc. and then dump only those or exclude them from the dump Your point is not taken.

Aeridyne I have not used zone alarm for a while and did not know it scanned for given strings. That is pretty cool and does put a different slant on things. My apologies. Something that could do that would have a signiture in virus definitions. Unless its 0day and this, apparently has been going on for a while…which is why I asked what av you were using.

(below) this one uses kazaa and emule to spread. This doesn’t mean you cant get it anyway. If you don’t have anti-virus software get it. If you do update your definitions and do a full scan (just went back and say you already did this)

although imesh seems to be the cause its not built into the program to do this. after you clean your system you can download it again and re-install just make sure you keep you av up to date along with keeping your os patches current etc.

Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

I don't trust P2P programs. It just bother me that I don't have apsolute control of my HDD content. Anyone can use my box as relay for any kind of files. Someone will say that you can turn off the file sharing. What is the point then? You just take, and don't give anything in return. And how to trust in content you get?
For this particular case:
Some viruses/troyans use other aplications to mask themselves. Aeridyne found some viruses on his box. Imesh is probably used by them to mask IP trafic. ZoneAlarm has option to check if application is changed. I strongly recommend turning on that option. Also, I recommend to deintstall Imesh, and to delete his folder... then install it again if you can't live without it.